MySQL  8.0.27
Source Code Documentation
sql_rewrite.h
1 /* Copyright (c) 2011, 2021, Oracle and/or its affiliates.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef SQL_REWRITE_INCLUDED
24 #define SQL_REWRITE_INCLUDED
25 
26 #include <set>
27 #include "my_sqlcommand.h"
28 #include "sql/table.h"
29 
30 /* Forward declarations */
31 class THD;
32 class LEX_GRANT_AS;
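/**
  Target types where the rewritten query will be added. Query rewrite might
  vary based on this type.

  NOTE(review): this header only names the consumers. Which of them get the
  literal <secret> and which get a password hash is decided in
  sql_rewrite.cc; confirm that mapping before adding or reusing a consumer.
*/
enum class Consumer_type {
  TEXTLOG, /* General log, slow query log and audit log */
  BINLOG,  /* Binary logs */
  STDOUT   /* Standard output */
};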
42 
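/**
  An interface to wrap the parameters required by a specific Rewriter.
  Parameters required by a specific Rewriter must be added in the concrete
  implementation.
  Clients need to wrap the parameters in a specific concrete object.
  Rewrite_params objects are not expected to change and are passed around
  as const objects.
*/
class Rewrite_params {
 protected:
  /*
    Protected: code outside the hierarchy cannot destroy an object through a
    Rewrite_params pointer. Virtual, so the type is polymorphic.
  */
  virtual ~Rewrite_params() = default;
};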
55 
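/**
  Wrapper object for user related parameters required by:
  SET PASSWORD|CREATE USER|ALTER USER statements.

  The set is held as a raw pointer. This class declares no destructor and
  makes no copy of the set, so the caller keeps ownership and must keep the
  set alive for as long as this object is used.
*/
class User_params : public Rewrite_params {
 public:
  /* @param users_set  set of users, stored as given (not copied) */
  User_params(std::set<LEX_USER *> *users_set)
      : Rewrite_params(), users(users_set) {}
  /* Not owned by this object */
  std::set<LEX_USER *> *users;
};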
66 
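/**
  Wrapper object for parameters required by SHOW CREATE USER statement.

  All three constructor arguments are stored as given; the String pointer is
  not copied or freed here, so the caller must keep it alive.
*/
class Show_user_params : public Rewrite_params {
 public:
  Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex,
                   String *param_metadata_str)
      : Rewrite_params(),
        hide_password_hash(hide_password_hash),
        print_identified_with_as_hex_(print_identified_with_as_hex),
        metadata_str(param_metadata_str) {}
  /*
    NOTE(review): by its name this controls whether the password hash is kept
    out of the SHOW CREATE USER output; the logic that reads it is in
    sql_rewrite.cc. Confirm which callers pass false.
  */
  bool hide_password_hash;
  /* Read by the append_auth_str() override, which converts the string to
     hex when this is set */
  bool print_identified_with_as_hex_;
  /* Not owned by this object */
  String *metadata_str;
};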
82 
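/**
  Wrapper object for parameters required for GRANT statement.

  grant_as is stored as a raw pointer and is not copied or freed here, so the
  caller must keep it alive while this object is used.
*/
class Grant_params : public Rewrite_params {
 public:
  Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
      : Rewrite_params(),
        grant_as_provided(grant_as_specified),
        grant_as_info(grant_as) {}
  /* Copy of the grant_as_specified constructor argument */
  bool grant_as_provided;
  /* Not owned by this object */
  LEX_GRANT_AS *grant_as_info;
};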
95 
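/**
  Provides the default interface to rewrite the SQL statements to
  obfuscate passwords.
  It either sets the thd->rewritten_query with a rewritten query,
  or clears it if no rewriting took place.

  @param thd     session whose rewritten_query is set or cleared
  @param type    consumer the rewritten text is meant for (default TEXTLOG)
  @param params  statement specific parameters, or nullptr

  NOTE(review): a cleared thd->rewritten_query means that no obfuscated text
  exists for the statement. Confirm what each logging caller writes in that
  case, and that every statement type that can carry a credential has a
  rewriter in sql_rewrite.cc.
*/
void mysql_rewrite_query(THD *thd, Consumer_type type = Consumer_type::TEXTLOG,
                         const Rewrite_params *params = nullptr);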
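/**
  Provides the default interface to rewrite the ACL query.
  If do_ps_instrument, it sets the thd->rewritten_query with
  a rewritten query.

  @param thd               session the query belongs to
  @param rlb               buffer passed by reference; presumably receives
                           the rewritten text (confirm in sql_rewrite.cc)
  @param type              consumer the rewritten text is meant for
  @param params            statement specific parameters, or nullptr
  @param do_ps_instrument  when true, thd->rewritten_query is set as well
*/
void mysql_rewrite_acl_query(THD *thd, String &rlb, Consumer_type type,
                             const Rewrite_params *params = nullptr,
                             bool do_ps_instrument = true);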
112 
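/**
  An abstract base class to enable the implementation of various query
  rewriters. It accepts a THD pointer and the intended target type where the
  query will be written. It either sets the thd->rewritten_query with a
  rewritten query, or clears it if no rewriting took place. Concrete classes
  must implement the rewrite() method to rewrite the query. Although concrete
  classes may accept additional parameters, it is recommended not to create
  their objects directly.
*/
class I_rewriter {
 public:
  /* Constructors and destructors */
  I_rewriter(THD *thd, Consumer_type type);
  virtual ~I_rewriter();
  /* Prohibit the copy of the object */
  I_rewriter(const I_rewriter &) = delete;
  const I_rewriter &operator=(const I_rewriter &) = delete;
  I_rewriter(const I_rewriter &&) = delete;
  const I_rewriter &operator=(const I_rewriter &&) = delete;
  /* Reset the previous consumer type before rewriting the query */
  void set_consumer_type(Consumer_type type);
  /* Return the current consumer type */
  Consumer_type consumer_type();
  /*
    Concrete classes must implement the logic to rewrite query here.
    NOTE(review): the meaning of the bool result is defined by the
    implementations in sql_rewrite.cc; it is not visible in this header.
  */
  virtual bool rewrite(String &rlb) const = 0;

 protected:
  /* The pointer itself is const; a rewriter stays bound to one THD */
  THD *const m_thd;
  /* Changed through set_consumer_type() */
  Consumer_type m_consumer_type;
};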
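/**
  Abstract base class to define the skeleton of rewriting the users, yet
  deferring some steps to the concrete classes. The implementation in specific
  steps might vary according to SQL or the consumer type.

  Two helpers decide what stands in for a credential: append_literal_secret()
  writes the literal <secret>, append_auth_str() writes the password hash.
  NOTE(review): which one is used for which consumer is decided in
  sql_rewrite.cc; check it when adding a consumer or a new user clause.
*/
class Rewriter_user : public I_rewriter {
 protected:
  Rewriter_user(THD *thd, Consumer_type target_type);
  /*
    Provides the skeleton to rewrite the users. The actual user is rewritten
    through the concrete implementation of private methods.
  */
  void rewrite_users(LEX *lex, String *str) const;
  /* Append the literal value <secret> to the str */
  void append_literal_secret(String *str) const;
  /* Append the password hash to the output string */
  virtual void append_auth_str(LEX_USER *lex, String *str) const;
  /* Append the authentication plugin name for the user */
  void append_plugin_name(const LEX_USER *user, String *str) const;
  /* Append authentication plugin name from LEX_MFA for the user */
  void append_mfa_plugin_name(const LEX_MFA *user, String *str) const;
  /* Append the authentication string from LEX_MFA for the user */
  void append_mfa_auth_str(const LEX_MFA *user, String *str) const;

  /*
    Rewrites some of the user specific properties which are common to
    concrete classes.
  */
  bool rewrite(String &rlb) const override;
  /*
    Abstract method to be implemented by the concrete classes.
    The implementation method should add the user authID, plugin info and
    auth str
  */
  virtual void append_user_auth_info(LEX_USER *user, bool comma,
                                     String *str) const = 0;
  /* Append the PASSWORD HISTORY clause for users */
  virtual void rewrite_password_history(const LEX *lex, String *str) const = 0;
  /* Append the PASSWORD REUSE OPTIONS clause for users */
  virtual void rewrite_password_reuse(const LEX *lex, String *str) const = 0;
  /* Append the ATTRIBUTE or COMMENT clause for user */
  virtual void rewrite_user_application_user_metadata(const LEX *lex,
                                                      String *str) const = 0;
  /* Use LEX to reconstruct the ATTRIBUTE or COMMENT clauses */
  void rewrite_in_memory_user_application_user_metadata(const LEX *user,
                                                        String *str) const;

 private:
  /* Append the SSL OPTIONS clause for users */
  void rewrite_ssl_properties(const LEX *lex, String *str) const;
  /* Append the RESOURCES OPTIONS clause for users */
  void rewrite_user_resources(const LEX *lex, String *str) const;
  /* Append the ACCOUNT LOCK OPTIONS clause for users */
  void rewrite_account_lock(const LEX *lex, String *str) const;
  /* Append the PASSWORD EXPIRED OPTIONS clause for users */
  void rewrite_password_expired(const LEX *lex, String *str) const;
  /* Append the PASSWORD REQUIRE CURRENT clause for users */
  void rewrite_password_require_current(LEX *lex, String *str) const;
  /* Append FAILED_LOGIN_ATTEMPTS/PASSWORD_LOCK_TIME */
  void rewrite_account_lock_state(LEX *lex, String *str) const;
  /* Append the DEFAULT ROLE OPTIONS clause */
  void rewrite_default_roles(const LEX *lex, String *str) const;
};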
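/**
  Rewrites the CREATE USER statement.

  NOTE(review): the `using parent` line and the placement of the two
  two-line declarations were lost from this listing and are restored here
  from the class's member list; confirm against the upstream header.
*/
class Rewriter_create_user final : public Rewriter_user {
  using parent = Rewriter_user;

 public:
  Rewriter_create_user(THD *thd, Consumer_type type);
  /* Rewrite the query for the CREATE USER statement */
  bool rewrite(String &rlb) const override;
  /* Append the ATTRIBUTE or COMMENT clause for user */
  void rewrite_user_application_user_metadata(const LEX *lex,
                                              String *str) const override;

 private:
  /* Append the authID, plugin and auth str of the user to output string */
  void append_user_auth_info(LEX_USER *user, bool comma,
                             String *str) const override;
  /* Append the PASSWORD HISTORY clause for users iff it is specified */
  void rewrite_password_history(const LEX *lex, String *str) const override;
  /* Append the PASSWORD REUSE clause for users iff it is specified */
  void rewrite_password_reuse(const LEX *lex, String *str) const override;
};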
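/**
  Rewrites the ALTER USER statement.

  NOTE(review): the `using parent` line and the placement of the two
  two-line declarations were lost from this listing and are restored here
  from the class's member list; confirm against the upstream header.
*/
class Rewriter_alter_user final : public Rewriter_user {
  using parent = Rewriter_user;

 public:
  /* The consumer defaults to the text logs when the caller names none */
  Rewriter_alter_user(THD *thd, Consumer_type type = Consumer_type::TEXTLOG);
  /* Rewrite the query for the ALTER USER statement */
  bool rewrite(String &rlb) const override;
  /* Append the ATTRIBUTE or COMMENT clause for user */
  void rewrite_user_application_user_metadata(const LEX *lex,
                                              String *str) const override;

 private:
  /* Append the authID, plugin and auth str of the user to output string */
  void append_user_auth_info(LEX_USER *user, bool comma,
                             String *str) const override;
  /* Append the PASSWORD HISTORY clause for users iff it is specified */
  void rewrite_password_history(const LEX *lex, String *str) const override;
  /* Append the PASSWORD REUSE clause for users iff it is specified */
  void rewrite_password_reuse(const LEX *lex, String *str) const override;
};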
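/**
  Rewrites the SHOW CREATE USER statement.

  NOTE(review): the class header, the `using parent` line and the placement
  of the two-line declarations were lost from this listing and are restored
  here from the class's member list; confirm against the upstream header.
  NOTE(review): params arrives as the base type Rewrite_params while the
  member is a Show_user_params pointer; the conversion is in sql_rewrite.cc.
  Confirm that it is checked, because a caller could pass another
  Rewrite_params subclass.
*/
class Rewriter_show_create_user final : public Rewriter_user {
  using parent = Rewriter_user;

 public:
  Rewriter_show_create_user(THD *thd, Consumer_type type,
                            const Rewrite_params *params);
  /* Rewrite the query for the SHOW CREATE USER statement */
  bool rewrite(String &rlb) const override;
  /* Append the ATTRIBUTE or COMMENT clause for user */
  void rewrite_user_application_user_metadata(const LEX *lex,
                                              String *str) const override;

 protected:
  /* Append the password hash to the output string */
  void append_auth_str(LEX_USER *lex, String *str) const override;

 private:
  /* Append the authID, plugin name and auth str of the user */
  void append_user_auth_info(LEX_USER *user, bool comma,
                             String *str) const override;
  /* Append the PASSWORD HISTORY clause for users */
  void rewrite_password_history(const LEX *lex, String *str) const override;
  /* Append the PASSWORD REUSE clause for users */
  void rewrite_password_reuse(const LEX *lex, String *str) const override;
  /* SHOW CREATE USER parameters; not owned by this object */
  const Show_user_params *show_params_;
};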
260 
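/** Rewrites the SET statement. */
class Rewriter_set : public I_rewriter {
 public:
  Rewriter_set(THD *thd, Consumer_type type);
  /* Rewrite the query for the SET statement */
  bool rewrite(String &rlb) const override;
};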
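/**
  Rewrites the SET PASSWORD statement.

  NOTE(review): the `using parent` line was lost from this listing and is
  restored here by analogy with the sibling classes; confirm against the
  upstream header.
  NOTE(review): params arrives as the base type Rewrite_params while the
  member is a set of LEX_USER pointers; how it is taken out of params is in
  sql_rewrite.cc. Confirm that the conversion is checked.
*/
class Rewriter_set_password final : public Rewriter_set {
  using parent = Rewriter_set;

 public:
  Rewriter_set_password(THD *thd, Consumer_type type,
                        const Rewrite_params *params);
  /* Rewrite the query for the SET PASSWORD statement */
  bool rewrite(String &rlb) const override;

 private:
  /* Name of the user whose password has to be changed; nullptr until set */
  std::set<LEX_USER *> *m_users = nullptr;
};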
282 
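/**
  Rewrites the GRANT statement.

  NOTE(review): params arrives as the base type Rewrite_params while the
  member is a Grant_params pointer; the conversion is in sql_rewrite.cc.
  Confirm that it is checked, because a caller could pass another
  Rewrite_params subclass.
*/
class Rewriter_grant final : public I_rewriter {
 public:
  Rewriter_grant(THD *thd, Consumer_type type, const Rewrite_params *params);
  /* Rewrite the query for the GRANT statement */
  bool rewrite(String &rlb) const override;

 private:
  /* GRANT AS information; nullptr until set, not owned by this object */
  const Grant_params *grant_params = nullptr;
};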
293 
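/**
  Rewrites the CHANGE REPLICATION SOURCE statement.

  NOTE(review): the class header line was lost from this listing; the base
  class is restored from the `override` on rewrite() and the sibling
  classes. Confirm against the upstream header.
*/
class Rewriter_change_replication_source final : public I_rewriter {
 public:
  /* The Consumer_type parameter is unnamed in the declaration */
  Rewriter_change_replication_source(THD *thd, Consumer_type);
  /* Rewrite the query for the CHANGE REPLICATION SOURCE statement */
  bool rewrite(String &rlb) const override;
};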
300 
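/** Rewrites the START REPLICA statement. */
class Rewriter_replica_start final : public I_rewriter {
 public:
  Rewriter_replica_start(THD *thd, Consumer_type type);
  /* Rewrite the query for the START REPLICA statement */
  bool rewrite(String &rlb) const override;
};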
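/**
  Base class for SERVER OPTIONS related statement.

  NOTE(review): the class header line was lost from this listing; the base
  class is restored from the constructor signature and from the derived
  classes overriding rewrite(). Confirm against the upstream header.
*/
class Rewriter_server_option : public I_rewriter {
 public:
  Rewriter_server_option(THD *thd, Consumer_type type);

 protected:
  // Append the SERVER OPTIONS clause
  void mysql_rewrite_server_options(const LEX *lex, String *str) const;
};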
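/**
  Rewrites the CREATE SERVER statement.

  NOTE(review): the class header and the `using parent` line were lost from
  this listing and are restored by analogy with the sibling classes; confirm
  against the upstream header.
*/
class Rewriter_create_server final : public Rewriter_server_option {
  using parent = Rewriter_server_option;

 public:
  Rewriter_create_server(THD *thd, Consumer_type type);
  /* Rewrite the query for the CREATE SERVER statement */
  bool rewrite(String &rlb) const override;
};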
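/**
  Rewrites the ALTER SERVER statement.

  NOTE(review): the class header and the `using parent` line were lost from
  this listing and are restored by analogy with the sibling classes; confirm
  against the upstream header.
*/
class Rewriter_alter_server final : public Rewriter_server_option {
  using parent = Rewriter_server_option;

 public:
  Rewriter_alter_server(THD *thd, Consumer_type type);
  /* Rewrite the query for the ALTER SERVER statement */
  bool rewrite(String &rlb) const override;
};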
332 
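/** Rewrites the PREPARE statement. */
class Rewriter_prepare final : public I_rewriter {
 public:
  Rewriter_prepare(THD *thd, Consumer_type type);
  /* Rewrite the query for the PREPARE statement */
  bool rewrite(String &rlb) const override;
};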
339 
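/** Rewrites CLONE statement. */
class Rewriter_clone final : public I_rewriter {
 public:
  Rewriter_clone(THD *thd, Consumer_type type);
  /* Rewrite the query for the CLONE statement to hide password */
  bool rewrite(String &rlb) const override;
};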
346 
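/**
  Rewrites the START GROUP_REPLICATION command.

  NOTE(review): the class header line was lost from this listing; the base
  class is restored from the `override` on rewrite() and the sibling
  classes. Confirm against the upstream header.
*/
class Rewriter_start_group_replication final : public I_rewriter {
 public:
  Rewriter_start_group_replication(THD *thd, Consumer_type type);
  /* Rewrite the query for the START GROUP_REPLICATION command */
  bool rewrite(String &rlb) const override;
};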
353 
354 #endif /* SQL_REWRITE_INCLUDED */
Wrapper object for parameters required for GRANT statement.
Definition: sql_rewrite.h:86
Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
Definition: sql_rewrite.h:88
bool grant_as_provided
Definition: sql_rewrite.h:92
LEX_GRANT_AS * grant_as_info
Definition: sql_rewrite.h:93
An abstract base class to enable the implementation of various query rewriters.
Definition: sql_rewrite.h:122
Consumer_type consumer_type()
Return the current consumer type set in the object.
Definition: sql_rewrite.cc:422
virtual ~I_rewriter()
I_rewriter(const I_rewriter &)=delete
const I_rewriter & operator=(const I_rewriter &&)=delete
virtual bool rewrite(String &rlb) const =0
Consumer_type m_consumer_type
Definition: sql_rewrite.h:141
const I_rewriter & operator=(const I_rewriter &)=delete
I_rewriter(const I_rewriter &&)=delete
void set_consumer_type(Consumer_type type)
Reset the previous consumer type.
Definition: sql_rewrite.cc:414
THD *const m_thd
Definition: sql_rewrite.h:140
I_rewriter(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:403
Definition: sql_lex.h:3590
An interface to wrap the parameters required by a specific Rewriter.
Definition: sql_rewrite.h:51
virtual ~Rewrite_params()=default
Rewrites the ALTER SERVER statement.
Definition: sql_rewrite.h:325
Rewriter_alter_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1704
bool rewrite(String &rlb) const override
Rewrite the query for the ALTER SERVER statement.
Definition: sql_rewrite.cc:1715
Rewrites the ALTER USER statement.
Definition: sql_rewrite.h:223
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:1012
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:935
void rewrite_user_application_user_metadata(const LEX *lex, String *str) const override
Default implementation of the rewriter for user application user metadata.
Definition: sql_rewrite.cc:489
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:1024
Rewriter_alter_user(THD *thd, Consumer_type type=Consumer_type::TEXTLOG)
Definition: sql_rewrite.cc:905
bool rewrite(String &rlb) const override
Rewrite the query for the ALTER USER statement.
Definition: sql_rewrite.cc:915
Rewrites the CHANGE REPLICATION SOURCE statement.
Definition: sql_rewrite.h:295
bool rewrite(String &rlb) const override
Rewrite the query for the CHANGE REPLICATION SOURCE statement.
Definition: sql_rewrite.cc:1462
Rewriter_change_replication_source(THD *thd, Consumer_type)
Definition: sql_rewrite.cc:1450
Rewrites CLONE statement.
Definition: sql_rewrite.h:341
bool rewrite(String &rlb) const override
Rewrite the query for the CLONE statement to hide password.
Definition: sql_rewrite.cc:1762
Rewriter_clone(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1751
Rewrites the CREATE SERVER statement.
Definition: sql_rewrite.h:317
Rewriter_create_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1657
bool rewrite(String &rlb) const override
Rewrite the query for the CREATE SERVER statement.
Definition: sql_rewrite.cc:1686
Rewrites the CREATE USER statement.
Definition: sql_rewrite.h:207
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:828
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:887
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:899
void rewrite_user_application_user_metadata(const LEX *lex, String *str) const override
Default implementation of the rewriter for user application user metadata.
Definition: sql_rewrite.cc:478
Rewriter_create_user(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:797
bool rewrite(String &rlb) const override
Rewrite the query for the CREATE USER statement.
Definition: sql_rewrite.cc:807
Rewrites the GRANT statement.
Definition: sql_rewrite.h:284
bool rewrite(String &rlb) const override
Rewrite the query for the GRANT statement.
Definition: sql_rewrite.cc:1280
Rewriter_grant(THD *thd, Consumer_type type, const Rewrite_params *params)
Definition: sql_rewrite.cc:1267
const Grant_params * grant_params
Definition: sql_rewrite.h:291
Rewrites the PREPARE statement.
Definition: sql_rewrite.h:334
Rewriter_prepare(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1729
bool rewrite(String &rlb) const override
Rewrite the query for the PREPARE statement.
Definition: sql_rewrite.cc:1740
Rewrites the START REPLICA statement.
Definition: sql_rewrite.h:302
bool rewrite(String &rlb) const override
Rewrite the query for the SLAVE REPLICA statement.
Definition: sql_rewrite.cc:1595
Rewriter_replica_start(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1585
Base class for SERVER OPTIONS related statement.
Definition: sql_rewrite.h:308
void mysql_rewrite_server_options(const LEX *lex, String *str) const
Append the SERVER OPTIONS clause.
Definition: sql_rewrite.cc:1665
Rewriter_server_option(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1655
Definition: sql_rewrite.h:270
bool rewrite(String &rlb) const override
Rewrite the query for the SET PASSWORD statement.
Definition: sql_rewrite.cc:1218
std::set< LEX_USER * > * m_users
Definition: sql_rewrite.h:280
Rewriter_set_password(THD *thd, Consumer_type type, const Rewrite_params *params)
Definition: sql_rewrite.cc:1203
Rewrites the SET statement.
Definition: sql_rewrite.h:262
Rewriter_set(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1177
bool rewrite(String &rlb) const override
Rewrite the query for the SET statement.
Definition: sql_rewrite.cc:1188
Rewrites the SHOW CREATE USER statement.
Definition: sql_rewrite.h:239
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users.
Definition: sql_rewrite.cc:1112
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users.
Definition: sql_rewrite.cc:1122
Rewriter_show_create_user(THD *thd, Consumer_type type, const Rewrite_params *params)
Definition: sql_rewrite.cc:1030
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin name and auth str of the user to the output string.
Definition: sql_rewrite.cc:1133
void rewrite_user_application_user_metadata(const LEX *lex, String *str) const override
Overrides the implementation of the rewriter for user application user metadata.
Definition: sql_rewrite.cc:1061
void append_auth_str(LEX_USER *lex, String *str) const override
A special rewriter override to make SHOW CREATE USER convert the string to hex if print_identified_wi...
Definition: sql_rewrite.cc:1080
bool rewrite(String &rlb) const override
Rewrite the query for the SHOW CREATE USER statement.
Definition: sql_rewrite.cc:1048
const Show_user_params * show_params_
Definition: sql_rewrite.h:258
Rewrites the START GROUP_REPLICATION command.
Definition: sql_rewrite.h:348
Rewriter_start_group_replication(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1767
bool rewrite(String &rlb) const override
Rewrite the query for the START GROUP_REPLICATION command.
Definition: sql_rewrite.cc:1778
Abstract base class to define the skeleton of rewriting the users, yet deferring some steps to the co...
Definition: sql_rewrite.h:148
void append_mfa_auth_str(const LEX_MFA *user, String *str) const
Append the authentication string from LEX_MFA for the user.
Definition: sql_rewrite.cc:713
void rewrite_user_resources(const LEX *lex, String *str) const
Append the user resource clauses for users.
Definition: sql_rewrite.cc:563
void append_literal_secret(String *str) const
Append the literal <secret> in place of password to the output string.
Definition: sql_rewrite.cc:499
void rewrite_password_require_current(LEX *lex, String *str) const
Append the PASSWORD REQUIRE CURRENT clause for users.
Definition: sql_rewrite.cc:626
Rewriter_user(THD *thd, Consumer_type target_type)
Definition: sql_rewrite.cc:424
void rewrite_password_expired(const LEX *lex, String *str) const
Append the PASSWORD EXPIRE clause for users iff it is specified.
Definition: sql_rewrite.cc:605
virtual void rewrite_user_application_user_metadata(const LEX *lex, String *str) const =0
void rewrite_users(LEX *lex, String *str) const
Fetch the users from user_list in LEX struct and append them to the String.
Definition: sql_rewrite.cc:764
void rewrite_in_memory_user_application_user_metadata(const LEX *user, String *str) const
Use the LEX for reconstructing the ATTRIBUTE or COMMENT clause.
Definition: sql_rewrite.cc:456
void rewrite_account_lock_state(LEX *lex, String *str) const
Append the account lock state.
Definition: sql_rewrite.cc:655
virtual void rewrite_password_history(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD HISTORY clause iff it is specified.
Definition: sql_rewrite.cc:732
virtual void append_user_auth_info(LEX_USER *user, bool comma, String *str) const =0
void rewrite_ssl_properties(const LEX *lex, String *str) const
Append the SSL clause for users iff it is specified.
Definition: sql_rewrite.cc:521
void append_mfa_plugin_name(const LEX_MFA *user, String *str) const
Append the authentication plugin name from LEX_MFA for the user.
Definition: sql_rewrite.cc:697
virtual void append_auth_str(LEX_USER *lex, String *str) const
Append the password hash to the output string.
Definition: sql_rewrite.cc:509
bool rewrite(String &rlb) const override
Appends the essential clauses for SHOW CREATE|CREATE|ALTER USER statements in the buffer rlb.
Definition: sql_rewrite.cc:435
void rewrite_account_lock(const LEX *lex, String *str) const
Append the ACCOUNT LOCK clause for users iff it is specified.
Definition: sql_rewrite.cc:590
void append_plugin_name(const LEX_USER *user, String *str) const
Append the authentication plugin name for the user.
Definition: sql_rewrite.cc:675
virtual void rewrite_password_reuse(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD REUSE clause iff it is specified.
Definition: sql_rewrite.cc:748
void rewrite_default_roles(const LEX *lex, String *str) const
Append the DEFAULT ROLE clause for users iff it is specified.
Definition: sql_rewrite.cc:782
Wrapper object for parameters required by SHOW CREATE USER statement.
Definition: sql_rewrite.h:70
String * metadata_str
Definition: sql_rewrite.h:80
bool hide_password_hash
Definition: sql_rewrite.h:78
Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex, String *param_metadata_str)
Definition: sql_rewrite.h:72
bool print_identified_with_as_hex_
Definition: sql_rewrite.h:79
Using this class is fraught with peril, and you need to be very careful when doing so.
Definition: sql_string.h:165
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:821
Wrapper object for user related parameters required by: SET PASSWORD|CREATE USER|ALTER USER statement...
Definition: sql_rewrite.h:60
User_params(std::set< LEX_USER * > *users_set)
Definition: sql_rewrite.h:62
std::set< LEX_USER * > * users
Definition: sql_rewrite.h:64
char * user
Definition: mysqladmin.cc:59
std::string str(const mysqlrouter::ConfigGenerator::Options::Endpoint &ep)
Definition: config_generator.cc:1056
const string comma(" , ")
required string type
Definition: replication_group_member_actions.proto:33
void mysql_rewrite_acl_query(THD *thd, String &rlb, Consumer_type type, const Rewrite_params *params=nullptr, bool do_ps_instrument=true)
Provides the default interface to rewrite the ACL query.
Definition: sql_rewrite.cc:387
void mysql_rewrite_query(THD *thd, Consumer_type type=Consumer_type::TEXTLOG, const Rewrite_params *params=nullptr)
Provides the default interface to rewrite the SQL statements to obfuscate passwords.
Definition: sql_rewrite.cc:351
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:37
Definition: table.h:2454
Definition: table.h:2561
The LEX object currently serves three different purposes:
Definition: sql_lex.h:3654